CentOS - Unbound and URIBL_BLOCKED blacklist

tr flag

I am facing the following problem: My websites have contact forms. People reach out to me via the contact forms. I receive 1 email after every contact form is sent. For about 1 week, MS Outlook has been marking my own emails (sent from my websites) as spam.

The headers of those emails have:

tests=ALL_TRUSTED,DKIM_SIGNED,
    DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_REPLYTO,URIBL_BLOCKED autolearn=no

The main purpose of this question: to get off the URIBL_BLOCKED list and have SpamAssassin not add the URIBL_BLOCKED header.

Here follows my troubleshooting:

My resolv.conf had:

# cat /etc/resolv.conf
; generated by /usr/sbin/dhclient-script
search localdomain
nameserver 62.149.128.4
nameserver 62.149.132.4
nameserver 2001:4860:4860::8888

I was told that the reason is probably a DNS issue. Many blacklisting services don’t allow queries from freely available DNS servers, and that may include the DNS my VPS provider uses.

For e-mail servers, I was advised to use my own recursive resolver, for example Unbound.

This is why I decided to opt for Unbound.

I installed Unbound. Its configuration is:

# cat /etc/unbound/unbound.conf | egrep -v "^\s*(#|$)"
server:
        verbosity: 1
        statistics-interval: 0
        statistics-cumulative: no
        extended-statistics: yes
        num-threads: 4
         interface: 0.0.0.0
        interface-automatic: no
         port: 53
        so-reuseport: yes
        ip-transparent: yes
         cache-max-ttl: 86400
         do-ip4: yes
         do-udp: yes
         do-tcp: yes
         access-control: 0.0.0.0/0 refuse
         access-control: 127.0.0.0/8 allow
        chroot: ""
        username: "unbound"
        directory: "/etc/unbound"
        log-time-ascii: yes
        pidfile: "/var/run/unbound/unbound.pid"
         hide-version: yes
        harden-glue: yes
        harden-dnssec-stripped: yes
        harden-below-nxdomain: yes
        harden-referral-path: yes
        unwanted-reply-threshold: 10000000
        prefetch: yes
        prefetch-key: yes
        rrset-roundrobin: yes
        minimal-responses: yes
        module-config: "ipsecmod validator iterator"
        trust-anchor-signaling: yes
        trusted-keys-file: /etc/unbound/keys.d/*.key
        auto-trust-anchor-file: "/var/lib/unbound/root.key"
        val-clean-additional: yes
        val-permissive-mode: no
        val-log-level: 1
        include: /etc/unbound/local.d/*.conf
        ipsecmod-enabled: no
        ipsecmod-hook: "/usr/libexec/ipsec/_unbound-hook"
python:
remote-control:
        server-key-file: "/etc/unbound/unbound_server.key"
        server-cert-file: "/etc/unbound/unbound_server.pem"
        control-key-file: "/etc/unbound/unbound_control.key"
        control-cert-file: "/etc/unbound/unbound_control.pem"
include: /etc/unbound/conf.d/*.conf

The /etc/resolv.conf now looks like:

# cat /etc/resolv.conf
; generated by /usr/sbin/dhclient-script
search localdomain
;nameserver 62.149.128.4
;nameserver 62.149.132.4
;nameserver 2001:4860:4860::8888
nameserver ::1
nameserver 127.0.0.1
options trust-ad

Connection Test before installing Unbound:

dig ubuntu.com @localhost -> 135 msec
# host -tA 2.0.0.127.multi.uribl.com

Connection Test after installing Unbound:

dig ubuntu.com @localhost -> 0 msec
# host -tA 2.0.0.127.multi.uribl.com

Blacklist query before installing Unbound:

2.0.0.127.multi.uribl.com has address 127.0.0.1

Blacklist query after installing Unbound:

2.0.0.127.multi.uribl.com has address 127.0.0.14

When I run spamd retstart I get:

# spamd retstart
server socket setup failed, retry 1: spamd: could not create IO::Socket::IP socket on [127.0.0.1]:783: Address already in use
server socket setup failed, retry 2: spamd: could not create IO::Socket::IP socket on [127.0.0.1]:783: Address already in use
server socket setup failed, retry 3: spamd: could not create IO::Socket::IP socket on [127.0.0.1]:783: Address already in use
server socket setup failed, retry 4: spamd: could not create IO::Socket::IP socket on [127.0.0.1]:783: Address already in use
server socket setup failed, retry 5: spamd: could not create IO::Socket::IP socket on [127.0.0.1]:783: Address already in use
server socket setup failed, retry 6: spamd: could not create IO::Socket::IP socket on [127.0.0.1]:783: Address already in use
server socket setup failed, retry 7: spamd: could not create IO::Socket::IP socket on [127.0.0.1]:783: Address already in use
server socket setup failed, retry 8: spamd: could not create IO::Socket::IP socket on [127.0.0.1]:783: Address already in use
server socket setup failed, retry 9: spamd: could not create IO::Socket::IP socket on [127.0.0.1]:783: Address already in use
spamd: could not create IO::Socket::IP socket on [127.0.0.1]:783: Address already in use

I then rebooted the whole VPS machine and re-ran:

host -tA 2.0.0.127.multi.uribl.com
2.0.0.127.multi.uribl.com has address 127.0.0.1

# unbound-control dump_cache logs:

[1651605758] unbound-control[12193:0] warning: control-enable is 'no' in the config file.
[1651605758] unbound-control[12193:0] error: connect: Connection refused for 127.0.0.1

Other logs:

# netstat -antup |grep unbound
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      12181/unbound
udp        0      0 0.0.0.0:53              0.0.0.0:*                           12181/unbound
udp        0      0 0.0.0.0:53              0.0.0.0:*                           12181/unbound
udp        0      0 0.0.0.0:53              0.0.0.0:*                           12181/unbound
udp        0      0 0.0.0.0:53              0.0.0.0:*                           12181/unbound
udp        0      0 0.0.0.0:53              0.0.0.0:*                           11927/unbound
udp        0      0 0.0.0.0:53              0.0.0.0:*                           11927/unbound
udp        0      0 0.0.0.0:53              0.0.0.0:*                           11927/unbound
udp        0      0 0.0.0.0:53              0.0.0.0:*                           11927/unbound

Any idea what else I can do to get unlisted from uribl?

Please help

UPDATE: After waiting about 12 hours from the last change I made on the server, the result of the test is:

# host -tTXT 2.0.0.127.multi.uribl.com
2.0.0.127.multi.uribl.com descriptive text "127.0.0.1 -> Query Refused. See http://uribl.com/refused.shtml for more information [Your DNS IP: 62.149.128.122]"


nslookup -q=txt 2.0.0.127.multi.uribl.com
Server:         62.149.128.4
Address:        62.149.128.4#53

    Non-authoritative answer:
    2.0.0.127.multi.uribl.com       text = "127.0.0.1 -> Query Refused. See http://uribl.com/refused.shtml for more information [Your DNS IP: 62.149.128.123]"
    
    Authoritative answers can be found from:

So it looks like I am not in that list anymore... however, SpamAssassin is still firing the URIBL_BLOCKED rule.

As suggested in the comments, I fixed the resolv.conf file.

New resolv.conf:

#options trust-ad
#; generated by /usr/sbin/dhclient-script
#search localdomain
#nameserver 62.149.128.4
#nameserver 62.149.132.4
#nameserver 2001:4860:4860::8888
nameserver ::1
nameserver 127.0.0.1
options trust-ad
djdomi avatar
za flag
You really seem to be mixing things up and, in my mind, have an [x and y problem](https://faq-database.de/doku.php?id=en:x-and-y-problem). Please update the question and share the original, business-related question or issue.
tr flag
Thank you @djdomi, you're right. I edited the question and highlighted the main problem I am trying to resolve.
djdomi avatar
za flag
To be honest with you, I assume that you are not a business administrator, which leads to the first fact: your question would be off-topic for Serverfault.com. Second fact: in my understanding of your question, you have an [X-And-Y-Issue](https://faq-database.de/doku.php?id=en:x-and-y-problem) here. The reason, in my human opinion, is fact three: it seems you don't know how [Blacklists](https://en.wikipedia.org/wiki/Wikipedia:Spam_blacklist) work. So far, so good and bad. However, please verify your domain at [MX Tool Box](https://mxtoolbox.com/), which will help you to understand the issue.
djdomi avatar
za flag
And to continue on the point: I assume that your e-mail server does not query localhost for DNS queries. This is what you can test with `nslookup -q=txt 2.0.0.127.multi.uribl.com`; please provide the output. Remember, within the spamd.conf you can specify `dns_server 127.0.0.1` to force this. The [Manual for Spamassassin](https://spamassassin.apache.org/full/3.4.x/doc/Mail_SpamAssassin_Conf.html) is the source of the second part of this comment.
tr flag
The result is similar to the `host` command. Today's tests with both `nslookup` and `host` give refused (which is probably ok). I added the output below in the question.
djdomi avatar
za flag
No, it's different! Your query goes to 62.149.128.4 instead of 127.0.0.1, so there is another DNS configured in the system.
tr flag
How can I find that? If I `ss -antpl | grep 53` I see only `unbound` listed
tr flag
Please refrain from personal attacks. Please consider that if a person doesn't understand it may be due to the lack of quality in explanation. Or lack of explanation.
djdomi avatar
za flag
In your /etc/resolv.conf it seems that you have used `;nameserver 62.149.128.4` instead of `#nameserver 62.149.128.4`. /etc/resolv.conf is read top-down, and " ; " is a separator and not a comment marker; in other words, use a hash instead of a semicolon. Please fix this.
tr flag
Thank you for your kind reply. I fixed the `resolv.conf` file and added it to the question at the bottom. I also ran `spamd restart` and `systemctl restart unbound`. `nslookup -q=txt 2.0.0.127.multi.uribl.com` now says `Server: 127.0.0.1` `Address: 127.0.0.1#53` `2.0.0.127.multi.uribl.com text = "permanent testpoint"`. However, SpamAssassin is still adding the same list to the headers.
djdomi avatar
za flag
Remember that spamd needs to be restarted to pick up the new configuration; in your case, just reboot the complete server.
tr flag
Thanks... I noticed each time I reboot the server the resolv.conf gets overwritten with the original values `;generated by /usr/sbin/dhclient-script` - do you think it's better if I open another question for that issue? I have no idea why it's being overwritten, and why it gets specifically those IP addresses as DNS... maybe it acts as a DHCP client and populates the resolv.conf from the info it gets from the DHCP server.
djdomi avatar
za flag
Let us [continue this discussion in chat](https://chat.stackexchange.com/rooms/136043/discussion-between-djdomi-and-pikk).
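
The checks this thread works through, collected as an added example that is not part of the original posts: it lists the nameservers actually active in a resolv.conf-style file, flags any that are not loopback, and classifies the answer to the URIBL test query from the question. The function names and the `--check` flag are hypothetical, and treating any 127.0.0.x answer other than 127.0.0.1 as a working lookup is an assumption generalized from the 127.0.0.14 result above.

```shell
#!/bin/sh
# Added example, not from the thread. Live lookups need the `host` utility.

TESTPOINT=2.0.0.127.multi.uribl.com   # test record queried in the question

# Addresses on active "nameserver" lines; commented-out lines never match $1.
active_nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# Succeeds only if at least one nameserver is set and all are loopback.
only_loopback() {
    ns=$(active_nameservers "$1")
    [ -n "$ns" ] || return 1
    for addr in $ns; do
        case "$addr" in
            127.*|::1) ;;
            *) return 1 ;;
        esac
    done
}

# Heuristic: a dhclient header suggests the file will be regenerated.
dhclient_managed() {
    grep -q 'generated by .*dhclient-script' "$1"
}

# Map `host -tA` output for the test point to a verdict.
classify_uribl() {
    answer=$(printf '%s\n' "$1" | awk '/has address/ { print $NF; exit }')
    case "$answer" in
        127.0.0.1) echo refused ;;   # query refused: URIBL_BLOCKED fires
        127.0.0.*) echo ok ;;        # e.g. 127.0.0.14 in the question
        *)         echo unknown ;;   # timeout, NXDOMAIN, host missing
    esac
}

# Run with: sh script.sh --check [file]   (on the mail server itself)
if [ "${1:-}" = "--check" ]; then
    conf=${2:-/etc/resolv.conf}
    only_loopback "$conf" || echo "WARNING: non-loopback nameserver in $conf"
    dhclient_managed "$conf" && echo "NOTE: $conf looks dhclient-generated"
    for server in $(active_nameservers "$conf"); do
        echo "$server: $(classify_uribl "$(host -tA "$TESTPOINT" "$server" 2>&1)")"
    done
fi
```

Querying each configured nameserver separately shows which resolver URIBL is refusing, which a single `host` or `nslookup` call through the default resolver does not.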